nexo-brain 7.17.3 → 7.17.4

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.17.3",
+  "version": "7.17.4",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,9 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.17.3` is the current packaged-runtime line. Corrective patch over v7.17.2 - standalone Brain install/update no longer aborts when the Desktop-only `qwen3-0.6b-q4-local-presence` model is not bundled or already cached locally. Required Brain warmups stay strict; only the optional local-presence GGUF now degrades cleanly.
+Version `7.17.4` is the current packaged-runtime line. Corrective patch over v7.17.3 - automation runners now keep full NEXO discipline for real background agents while strict JSON children stay clean, and runtime doctor/metrics expose caller coverage and Guardian injection telemetry instead of hiding blind spots.
+
+Previously in `7.17.3`: corrective patch over v7.17.2 - standalone Brain install/update no longer aborts when the Desktop-only `qwen3-0.6b-q4-local-presence` model is not bundled or already cached locally. Required Brain warmups stay strict; only the optional local-presence GGUF now degrades cleanly.
 
 Previously in `7.17.2`: patch release over v7.17.1 - email-monitor now guards its `/tmp/nexo-*` draft buffers before writing, morning-agent closes interrupted/stale briefing claims deterministically, and Codex managed config migrates from the legacy `codex_hooks` flag to `[features].hooks`.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.17.3",
+  "version": "7.17.4",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/agent_runner.py

@@ -273,6 +273,7 @@ def _record_automation_end(
         {
             "warnings": (telemetry or {}).get("warnings") or [],
             "raw": (telemetry or {}).get("raw") or {},
+            "automation_contract": (telemetry or {}).get("automation_contract") or "",
         },
         ensure_ascii=False,
     )
@@ -922,10 +923,11 @@ def _build_codex_prompt(
     output_format: str = "",
     append_system_prompt: str = "",
     allowed_tools: str = "",
+    include_protocol_contract: bool = True,
 ) -> str:
-    protocol_contract = render_core_prompt("codex-protocol-contract")
     instructions: list[str] = []
-    instructions.append(protocol_contract)
+    if include_protocol_contract:
+        instructions.append(render_core_prompt("codex-protocol-contract"))
     if append_system_prompt:
         instructions.append(f"SYSTEM INSTRUCTIONS:\n{append_system_prompt}")
     if output_format and output_format.lower() == "text":
@@ -1047,6 +1049,35 @@ BARE_MODE_SAFE_CALLERS: frozenset[str] = frozenset({
     "deep-sleep/synthesize",
 })
 
+# Execution contracts keep background agents disciplined without polluting
+# machine-only child calls that must return strict JSON.
+AUTOMATION_CONTRACT_FULL_NEXO_AGENT = "full_nexo_agent"
+AUTOMATION_CONTRACT_STRICT_CHILD = "strict_child_json"
+AUTOMATION_CONTRACT_PUBLIC_CHILD = "public_isolated_child"
+AUTOMATION_CONTRACT_DEFAULT = AUTOMATION_CONTRACT_FULL_NEXO_AGENT
+
+FULL_NEXO_AGENT_CALLERS: frozenset[str] = frozenset({
+    "catchup/morning",
+    "daily_self_audit",
+    "email_monitor",
+    "evolution/run",
+    "followup_runner",
+    "immune/scan",
+    "postmortem_consolidator",
+    "sleep/nightly",
+})
+
+STRICT_CHILD_CALLERS: frozenset[str] = frozenset({
+    "automation_probe",
+    "check_context",
+    "deep-sleep/extract",
+    "deep-sleep/synthesize",
+    "learning_validator",
+    "morning_agent",
+})
+
+PUBLIC_CHILD_CALLERS: frozenset[str] = frozenset()
+
 MACHINE_ONLY_LANGUAGE_CONTRACT_CALLERS: frozenset[str] = frozenset({
     "automation_probe",
     "check_context",
@@ -1054,6 +1085,19 @@ MACHINE_ONLY_LANGUAGE_CONTRACT_CALLERS: frozenset[str] = frozenset({
 })
 
 
+def _automation_contract_for_caller(caller: str) -> str:
+    clean = str(caller or "").strip()
+    if clean in STRICT_CHILD_CALLERS:
+        return AUTOMATION_CONTRACT_STRICT_CHILD
+    if clean in PUBLIC_CHILD_CALLERS:
+        return AUTOMATION_CONTRACT_PUBLIC_CHILD
+    return AUTOMATION_CONTRACT_FULL_NEXO_AGENT
+
+
+def _caller_uses_global_discipline(caller: str) -> bool:
+    return _automation_contract_for_caller(caller) == AUTOMATION_CONTRACT_FULL_NEXO_AGENT
+
+
 def _should_apply_operator_language_contract(caller: str) -> bool:
     clean = str(caller or "").strip()
     if not clean:
@@ -1140,7 +1184,8 @@ def run_automation_prompt(
     if mapped_effort and not reasoning_effort:
         reasoning_effort = mapped_effort
 
-    enforcement_fragment = _build_enforcement_system_prompt()
+    automation_contract = _automation_contract_for_caller(caller)
+    enforcement_fragment = _build_enforcement_system_prompt() if _caller_uses_global_discipline(caller) else ""
     if enforcement_fragment:
         if append_system_prompt:
             append_system_prompt = append_system_prompt + "\n\n" + enforcement_fragment
@@ -1239,19 +1284,29 @@ def run_automation_prompt(
         if allowed_tools:
             cmd.extend(["--allowedTools", allowed_tools])
         cmd.extend(extra_args)
-        try:
-            import sys as _sys
-            if str(NEXO_HOME) not in _sys.path:
-                _sys.path.insert(0, str(NEXO_HOME))
-            from enforcement_engine import run_with_enforcement
-            result = run_with_enforcement(
-                cmd,
-                prompt=prompt,
-                cwd=str(cwd_path),
-                env=run_env,
-                timeout=timeout,
-            )
-        except ImportError:
+        if _caller_uses_global_discipline(caller):
+            try:
+                import sys as _sys
+                if str(NEXO_HOME) not in _sys.path:
+                    _sys.path.insert(0, str(NEXO_HOME))
+                from enforcement_engine import run_with_enforcement
+                result = run_with_enforcement(
+                    cmd,
+                    prompt=prompt,
+                    cwd=str(cwd_path),
+                    env=run_env,
+                    timeout=timeout,
+                )
+            except ImportError:
+                result = subprocess.run(
+                    cmd,
+                    cwd=str(cwd_path),
+                    capture_output=True,
+                    text=True,
+                    timeout=timeout,
+                    env=run_env,
+                )
+        else:
             result = subprocess.run(
                 cmd,
                 cwd=str(cwd_path),
@@ -1264,6 +1319,7 @@ def run_automation_prompt(
             result.stdout or "",
             requested_output_format=requested_output_format,
         )
+        telemetry["automation_contract"] = automation_contract
         recorded, record_error = _record_automation_run(
             backend=selected_backend,
             task_profile=task_profile,
@@ -1323,6 +1379,7 @@ def run_automation_prompt(
                     output_format=output_format,
                     append_system_prompt=append_system_prompt,
                     allowed_tools=allowed_tools,
+                    include_protocol_contract=_caller_uses_global_discipline(caller),
                 )
             )
             result = subprocess.run(
@@ -1340,6 +1397,7 @@ def run_automation_prompt(
                 final_stdout=stdout,
                 model=resolved_model,
             )
+            telemetry["automation_contract"] = automation_contract
             recorded, record_error = _record_automation_run(
                 backend=selected_backend,
                 task_profile=task_profile,
@@ -1351,6 +1409,9 @@ def run_automation_prompt(
                 returncode=result.returncode,
                 duration_ms=int((time.perf_counter() - started_at) * 1000),
                 telemetry=telemetry,
+                caller=caller,
+                session_type="headless",
+                resonance_tier=resonance_tier,
             )
             stderr = result.stderr or ""
             if not recorded:

package/src/doctor/providers/runtime.py

@@ -55,6 +55,15 @@ OPTIONALS_FILE = paths.config_dir() / "optionals.json"
 SCHEDULE_FILE = paths.config_dir() / "schedule.json"
 PACKAGE_JSON = NEXO_CODE / "package.json"
 CHANGELOG_FILE = NEXO_CODE / "CHANGELOG.md"
+CORE_AUTOMATION_CALLERS_BY_CRON = {
+    "catchup": ("catchup/morning",),
+    "deep-sleep": ("deep-sleep/extract", "deep-sleep/synthesize"),
+    "email-monitor": ("email_monitor",),
+    "evolution": ("evolution/run",),
+    "followup-runner": ("followup_runner",),
+    "morning-agent": ("morning_agent",),
+    "sleep": ("sleep/nightly",),
+}
 
 
 def _evolution_objective_payload() -> dict:
@@ -3676,6 +3685,154 @@ def check_automation_telemetry(days: int = 7) -> DoctorCheck:
     )
 
 
+def check_automation_caller_coverage(days: int = 7) -> DoctorCheck:
+    """Compare core cron activity with caller-attributed automation rows.
+
+    This is a support signal, not proof of failure: a cron can legitimately
+    have no model call when there is no work. It still catches the regression
+    class where a runner branch records rows without caller/session context.
+    """
+    db_path = paths.db_path()
+    if not db_path.is_file():
+        return DoctorCheck(
+            id="runtime.automation_caller_coverage",
+            tier="runtime",
+            status="degraded",
+            severity="warn",
+            summary="Automation caller coverage DB is missing",
+            evidence=[str(db_path)],
+            repair_plan=["Run NEXO once so migrations create the shared runtime DB"],
+            escalation_prompt="Support cannot compare core cron activity with automation caller traces.",
+        )
+
+    expected_crons = tuple(CORE_AUTOMATION_CALLERS_BY_CRON)
+    placeholders = ",".join("?" for _ in expected_crons)
+
+    try:
+        conn = sqlite3.connect(str(db_path), timeout=2)
+        conn.row_factory = sqlite3.Row
+        try:
+            tables = {
+                row["name"]
+                for row in conn.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall()
+            }
+            missing_tables = [name for name in ("cron_runs", "automation_runs") if name not in tables]
+            if missing_tables:
+                return DoctorCheck(
+                    id="runtime.automation_caller_coverage",
+                    tier="runtime",
+                    status="degraded",
+                    severity="warn",
+                    summary="Automation caller coverage schema is incomplete",
+                    evidence=[f"missing_tables={','.join(missing_tables)}"],
+                    repair_plan=["Run NEXO migrations before trusting automation caller coverage"],
+                    escalation_prompt="Core automation activity cannot be matched to caller-attributed model runs.",
+                )
+            cron_rows = conn.execute(
+                f"""
+                SELECT cron_id, COUNT(*) AS runs, MAX(started_at) AS last_started
+                FROM cron_runs
+                WHERE started_at >= datetime('now', ?)
+                  AND cron_id IN ({placeholders})
+                GROUP BY cron_id
+                ORDER BY cron_id
+                """,
+                (f"-{days} days", *expected_crons),
+            ).fetchall()
+            caller_rows = conn.execute(
+                """
+                SELECT caller, COUNT(*) AS runs,
+                       MAX(COALESCE(started_at, created_at)) AS last_seen
+                FROM automation_runs
+                WHERE COALESCE(started_at, created_at) >= datetime('now', ?)
+                GROUP BY caller
+                """,
+                (f"-{days} days",),
+            ).fetchall()
+        finally:
+            conn.close()
+    except Exception as exc:
+        return DoctorCheck(
+            id="runtime.automation_caller_coverage",
+            tier="runtime",
+            status="degraded",
+            severity="warn",
+            summary="Automation caller coverage is unreadable",
+            evidence=[str(exc)],
+            repair_plan=["Inspect runtime DB cron_runs and automation_runs tables"],
+            escalation_prompt="Support cannot verify whether core automations are leaving caller traces.",
+        )
+
+    caller_counts = {str(row["caller"] or ""): int(row["runs"] or 0) for row in caller_rows}
+    caller_last_seen = {str(row["caller"] or ""): str(row["last_seen"] or "") for row in caller_rows}
+    cron_rows = list(cron_rows)
+
+    evidence = [f"window={days}d", f"core_crons_seen={len(cron_rows)}"]
+    missing_matches: list[str] = []
+    for row in cron_rows:
+        cron_id = str(row["cron_id"] or "")
+        expected_callers = CORE_AUTOMATION_CALLERS_BY_CRON.get(cron_id, ())
+        matched = [caller for caller in expected_callers if caller_counts.get(caller, 0) > 0]
+        if matched:
+            evidence.append(
+                f"{cron_id}: cron_runs={int(row['runs'] or 0)} caller_runs="
+                + ",".join(f"{caller}:{caller_counts[caller]}" for caller in matched)
+            )
+        else:
+            expected = "|".join(expected_callers)
+            missing_matches.append(cron_id)
+            evidence.append(
+                f"{cron_id}: cron_runs={int(row['runs'] or 0)} no_matching_caller={expected} "
+                f"last_started={row['last_started']}"
+            )
+
+    empty_caller_runs = caller_counts.get("", 0)
+    if empty_caller_runs:
+        evidence.append(f"empty_caller_runs={empty_caller_runs}")
+    for caller in sorted(caller_counts):
+        if caller:
+            evidence.append(f"caller_seen={caller}:{caller_counts[caller]} last={caller_last_seen.get(caller, '')}")
+
+    if not cron_rows:
+        return DoctorCheck(
+            id="runtime.automation_caller_coverage",
+            tier="runtime",
+            status="healthy",
+            severity="info",
+            summary="No recent core automation cron activity to match",
+            evidence=evidence,
+            repair_plan=[],
+            escalation_prompt="",
+        )
+
+    status = "healthy"
+    severity = "info"
+    repair_plan: list[str] = []
+    if empty_caller_runs or missing_matches:
+        status = "degraded"
+        severity = "warn"
+        repair_plan.append(
+            "If the cron had work, inspect run_automation_prompt caller attribution; if it was a no-op tick, no user action is needed"
+        )
+
+    return DoctorCheck(
+        id="runtime.automation_caller_coverage",
+        tier="runtime",
+        status=status,
+        severity=severity,
+        summary=(
+            "Core automation caller coverage looks healthy"
+            if status == "healthy"
+            else "Core automation caller coverage needs review"
+        ),
+        evidence=evidence,
+        repair_plan=repair_plan,
+        escalation_prompt=(
+            "A core automation cron ran without a matching caller-attributed automation row in the selected window."
+        ) if status != "healthy" else "",
+    )
+
+
 def run_runtime_checks(fix: bool = False) -> list[DoctorCheck]:
     """Run all runtime-tier checks. Read-only by default."""
     return [
@@ -3695,6 +3852,7 @@ def run_runtime_checks(fix: bool = False) -> list[DoctorCheck]:
         safe_check(check_client_assumption_regressions),
         safe_check(check_protocol_compliance),
         safe_check(check_automation_telemetry),
+        safe_check(check_automation_caller_coverage),
         safe_check(check_state_watchers),
         safe_check(check_release_artifact_sync),
         safe_check(check_release_trace_hygiene),

package/src/scripts/check-context.py

@@ -190,7 +190,7 @@ def smart_check(action_description: str, context: str = "") -> dict:
             timeout=300,
             output_format="text",
             append_system_prompt=render_core_prompt("json-object-only"),
-            allowed_tools="Read,Write,Edit,Glob,Grep,Bash,mcp__nexo__*",
+            allowed_tools="Read,Glob,Grep",
         )
         if result.returncode == 0:
             parsed = _extract_json(result.stdout)